Malware Analysis Report

2024-11-16 13:33

Sample ID 240526-xxcp9ahf46
Target XClient.exe
SHA256 a0466ffc10e366308a02c612d782bf46e90491b989591e64d6fa9f7364d036aa
Tags
xworm rat trojan ransomware
score
10/10

Analysis Overview

score
10/10

SHA256

a0466ffc10e366308a02c612d782bf46e90491b989591e64d6fa9f7364d036aa

Threat Level: Known bad

The file XClient.exe was found to be: Known bad.

Malicious Activity Summary

xworm rat trojan ransomware

Detect Xworm Payload

Contains code to disable Windows Defender

Xworm family

Xworm

Loads dropped DLL

Drops startup file

Drops file in System32 directory

Sets desktop wallpaper using registry

Unsigned PE

Enumerates physical storage devices

Modifies registry class

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-26 19:13

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A

Xworm family

xworm

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-26 19:13

Reported

2024-05-26 19:16

Platform

win7-20240221-en

Max time kernel

118s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\XClient.exe"

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A

Xworm

trojan rat xworm

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\XClient.exe

"C:\Users\Admin\AppData\Local\Temp\XClient.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 IICAcro-58060.portmap.io udp
DE 193.161.193.99:58060 IICAcro-58060.portmap.io tcp

Files

memory/1084-0-0x000007FEF53F3000-0x000007FEF53F4000-memory.dmp

memory/1084-1-0x0000000000110000-0x0000000000128000-memory.dmp

memory/1084-6-0x000007FEF53F0000-0x000007FEF5DDC000-memory.dmp

memory/1084-7-0x000007FEF53F3000-0x000007FEF53F4000-memory.dmp

memory/1084-8-0x000007FEF53F0000-0x000007FEF5DDC000-memory.dmp

memory/1084-10-0x0000000000600000-0x000000000060C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-26 19:13

Reported

2024-05-26 19:20

Platform

win10v2004-20240426-en

Max time kernel

373s

Max time network

385s

Command Line

"C:\Users\Admin\AppData\Local\Temp\XClient.exe"

Signatures

Contains code to disable Windows Defender

Description Indicator Process Target
N/A N/A N/A N/A

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A

Xworm

trojan rat xworm

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5\ C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\XBackground.bmp" C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1728 wrote to memory of 1264 N/A C:\Users\Admin\AppData\Local\Temp\XClient.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1264 wrote to memory of 816 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1264 wrote to memory of 3376 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1264 wrote to memory of 1756 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1264 wrote to memory of 2788 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\XClient.exe

"C:\Users\Admin\AppData\Local\Temp\XClient.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\How To Decrypt My Files.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff95b0246f8,0x7ff95b024708,0x7ff95b024718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,18109565469422670970,10037991535200164455,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,18109565469422670970,10037991535200164455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,18109565469422670970,10037991535200164455,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18109565469422670970,10037991535200164455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,18109565469422670970,10037991535200164455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,18109565469422670970,10037991535200164455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,18109565469422670970,10037991535200164455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff95b0246f8,0x7ff95b024708,0x7ff95b024718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,13899772377560459564,11094607765212074479,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,13899772377560459564,11094607765212074479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,13899772377560459564,11094607765212074479,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2976 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13899772377560459564,11094607765212074479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13899772377560459564,11094607765212074479,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/channel/UCXJB1wWTMF0S9YWOlc2SRTg/community?lb=Ugkx4s4F2xUf5sudMhmAdYbWBxDD6YldzD5k

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff95b0246f8,0x7ff95b024708,0x7ff95b024718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,7260508704201356746,3616370402198592236,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,7260508704201356746,3616370402198592236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,7260508704201356746,3616370402198592236,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7260508704201356746,3616370402198592236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7260508704201356746,3616370402198592236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7260508704201356746,3616370402198592236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,7260508704201356746,3616370402198592236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,7260508704201356746,3616370402198592236,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7260508704201356746,3616370402198592236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7260508704201356746,3616370402198592236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2020,7260508704201356746,3616370402198592236,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5344 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x338 0x464

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7260508704201356746,3616370402198592236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7260508704201356746,3616370402198592236,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7260508704201356746,3616370402198592236,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7260508704201356746,3616370402198592236,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,7260508704201356746,3616370402198592236,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2

C:\Windows\SYSTEM32\CMD.EXE

"CMD.EXE"

Network


Files

memory/1728-0-0x00007FF95E6F3000-0x00007FF95E6F5000-memory.dmp

memory/1728-1-0x0000000000E60000-0x0000000000E78000-memory.dmp

memory/1728-6-0x00007FF95E6F0000-0x00007FF95F1B1000-memory.dmp

memory/1728-7-0x00007FF95E6F3000-0x00007FF95E6F5000-memory.dmp

memory/1728-8-0x00007FF95E6F0000-0x00007FF95F1B1000-memory.dmp

memory/1728-9-0x0000000002FE0000-0x0000000002FEC000-memory.dmp

memory/1728-10-0x000000001DED0000-0x000000001DEDC000-memory.dmp

C:\Users\Admin\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms.ENC

MD5 d7073ae47c446575c1757bf593015e3a
SHA1 f31fe3ea3de0c783055c309b1f4826f953a987b6
SHA256 6baf038baec2ecb359ce6acdf1d99943b95f0bb5904638e5951a97e675ba4ab4
SHA512 c02de73d23b9d52679cd142c97eb12ec894cb99b0e79022ac83f92b6a9dc178ae1dabce4e9b707fc60811ee04b90bb5ce77f588fa924741c446ed39654c45af5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ea98e583ad99df195d29aa066204ab56
SHA1 f89398664af0179641aa0138b337097b617cb2db
SHA256 a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6
SHA512 e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

\??\pipe\LOCAL\crashpad_1264_IURQGOIUFRNVXDYD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4f7152bc5a1a715ef481e37d1c791959
SHA1 c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7
SHA256 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc
SHA512 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

C:\Users\Admin\Desktop\How To Decrypt My Files.html

MD5 d2dbbc3383add4cbd9ba8e1e35872552
SHA1 020abbc821b2fe22c4b2a89d413d382e48770b6f
SHA256 5ca82cbc4d582a4a425ae328ad12fd198095e2854f4f87b27a4b09e91173a3be
SHA512 bb5e1bbf28c10c077644136b98d8d02bfec3b3e49c0829b4d4570b30e0aea0276eb748f749a491587a5e70141a7653be1d03c463a22e44efecde2e5a6c6e5e66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0da9f01fd965a0f54653f3c49e2166a7
SHA1 5173c7bcd3ff7892fc4d3c0399fb10260f6f5b63
SHA256 c59258d9cddc23efde1a4702eb174f178b7203cad9a1303aeea761e7c459cfd3
SHA512 68db5f56258ef190dab266b1c4faa8fab53cb5ab90790a2cb5606d210b24652e11a794d99ee234c55a330ae5a24f2c72141be1fa8b793f5c4799b1e9f0291fde

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a0d79877f288ddc2181dd38245cd7707
SHA1 82385904112ee36ee660811818c47bd892347b27
SHA256 a1e6c847a7d88186ca0cca023cc7e227cf2bb0cfc3256fb729fb131fed1d92f6
SHA512 cf3abc7d593dcabe98e8f2ec4645b9c4da201b3f736fa55b50e4b9ce75a40e5635ccd309a37b838d987adca71aacd673b8f07d315b08138b100c5e7575505d5d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4a6a57f008cfb2840382435d50ca4223
SHA1 eadacd9a844a75d1d64142a574a8a5efb36072f9
SHA256 10d96228ad91572fb18531ead0fb0c0a85cb129ed57fc6deba2a77e5af1e4218
SHA512 18a8bd737cafea949054a1b74d27a95f2bc0290726bc306ad3993da6c6821fe7542d2cf6725bada1959b9512d8f3faffed50e2f4275cacd27c9e14af313cbe4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8287f3138f3b12243cd985468d5e9c9e
SHA1 cdc96bb898078531a724673a4ecc3e46f7ad82ca
SHA256 0678ace14c39e8b2562ebafae1710644308a961c757c7862114fbb2bfb39383e
SHA512 5c570d5ea9473e0f2ca2909473b60df0a6433d56c7aa143cff6879fe86143fddf03ff74c3ab997c32ae6872563f11440dec8f7cf55d5122e031dce64188fd0db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

MD5 5266f4b1a0fea71b182f7a7585da8f6a
SHA1 1284507d3c26fa91803a52793591c6951ddd82f7
SHA256 1862f344a67ed7ee1b0ecd6079f4f1eedf399394f69f536d6d59cd6027c49d3d
SHA512 5dc0990a15fa5d02308ee6baba1324db258f2e0e4e27476b3bc887bb245c0547900773543f8db49fa30a68de3988ae0b520ad2833a10f0a23ae801a238db7c4a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13361224487047004

MD5 e5fad329d79ac48deabe62b5563f6d88
SHA1 6321bb9cb2c7901971ce9a42bd0d3adc88158a28
SHA256 c3c138d8c6531bd370b9f210ae86452b093fcfdbe6c758060348400bc2c82ea2
SHA512 3d18bbc1995360c3bd7bec7411b23a7ac27cb182f5bf0cfa54e75a9a4e884da467d2f80bcb7144da811f80d853e683eb5694913bba3fb9fb8cff309bb82ed21c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

MD5 b4cd65858b1dadf4a764db629a279a1d
SHA1 dd2a06eb6c755fca41c1888cfbf00b06039d8e32
SHA256 ebf77bfef3e2dd8492df160c72d9daace81a95e4ef394c4646e83bf11d74d0ba
SHA512 da2996ba18d8ae71a90214e4b549ed05cc273da02bbd1ae14311a2733da85d075bcff5f8db3a97ccc5e82af692b8490c6ffe5af88fd1d3a37860d2ffb4965aa2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

MD5 7653491a2796bbd5028de4d8a8371471
SHA1 44ecf1651846d98981e869bde1ccc90a93a366d8
SHA256 bc496b9a6f90ac2282874caf706f95cc9fd5d968ab205e71e7f5dcad0983092b
SHA512 4e3e81237d2e5fc5e264006dec0b446b5dcc61aecb951cd26ed544424d6a0b32d34040555c2e5ba70657e466de1cea946bd2eeaa91467b3e7db4eedca8d1f57e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 87a21f29aae519829be59114db9ea372
SHA1 f4ee0da40a361f7a87d1356997725303eea677c0
SHA256 e4c1b9dec6089c99a821d070f65e5a6ef6f386f15f6e246e9fcfb45b4c8d5af4
SHA512 1f698b97b0db081f83ddf2d4c5a80d57a9e720b1af6a01631d8a65ea46927b4a53ee4af2d157b593d6361d7d35966245f90d08f25232f273b1e4de3b5be4a0ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

MD5 6afe0e68075d73c06d53d7eb4d9f1751
SHA1 765c5aacb4cceeed78a6b9d3bab4d19c558fd43b
SHA256 4892f6cbdb2025eb9000ef7b615a7f3a24dfb9a60adafa4e4bf06ceb67e9c828
SHA512 c51f367d92180a20802c9226396c83b322a3d7f89b449c1ca9a971240dbdefb9c34b7b0606804ca16f0e598a208060b3f3e71530324a0ec349ac38e751b78212

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

MD5 a62d3a19ae8455b16223d3ead5300936
SHA1 c0c3083c7f5f7a6b41f440244a8226f96b300343
SHA256 c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e
SHA512 f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

MD5 db0e2e3a7833dc6bb9579703da0f660f
SHA1 2c68ca0ab65105fd1668262c26ee7805adc2d273
SHA256 c8bdd437b8375fe3cf2350f6f386c68c27778718d66ed7fb0c53de6c6a407fdb
SHA512 60228db03f7225637a5d01977be2404f2ab2b7254ecb1aca8453d96db0df6d4e56747025713a542a1382964c8ddd8e15dbe2b4a5cdd49f49be0e0e53b5655033

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

MD5 46ddef46fcb5dd419618c106c05edbed
SHA1 37c9db224f0884136492015309fca59da227dbef
SHA256 4aaf4544f54383d771e27406c5b0ccce26536a50b0bf146bf76268207ba6402e
SHA512 53e2d5275106487db093516f074d1c02ebbb28d6a6e75095c9c02080c3c98a775000e309ed99af037f2a9b21c37445d3dfe3ca9aa4593bb148d6c9a1913692c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e2d2571b-2f2e-4e7e-aa4b-730e9ef690a0.tmp

MD5 a6201654abbf5963a7f72dc59fa3ad29
SHA1 8c126d6082e5fb130fa586f94ab53e8cd576a04d
SHA256 f4079cde9e627446e9b2550422fdc528a306ea82e485302426c1b3f608ee60cb
SHA512 e6d51d29a7882cb627c56e176ad741e2dec5b0e7ab18becc1740798530ae5edcc243a18cb47be73c533d559dcc76d31e0f87749c5d12547d3372965843723d0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

MD5 eb97829b260ccab2ae72b69609c0d8ce
SHA1 4c4ae9bd395a3a5a4de11680a79a0719b1893924
SHA256 da9e375a49e122fb659531da049cb2b2c66f075e7cfc0e85f94fd4d9f3a247bb
SHA512 1264842440d1f135241997af1173363da28f33a9298fd3d8d156aea21040f22d166b5fef7f48dc2e39253d2436f97c9c2772e25787394b6c30d917324f5f7625

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

MD5 30b1bf30a17b5fe9599be1c17d668579
SHA1 923da688881da2b21725414d86b3f5cd86a72d61
SHA256 dc8126d4c183f7fc8e7923cddc9deb1dbbe35faf83ac4768132cdc8225c7bef6
SHA512 3a812e7d63d844fe0410d525a0611b76c4f338422f558e8c8e064bd33051f3dbe863f91dd1028ce85e0e7d91a94a5e964640a4e800b45c3d65741964ae788202

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

MD5 6cbd881dcc24988e1664435d50030b47
SHA1 269122dd700e74e9cb8faebc41524c3ce42ead0a
SHA256 ea4b51275039ca460805539278330770d886369adf6c090c6cdbd4f4cbf45860
SHA512 f87c01f3649d8801445c2c0ab47ba304189259d68238150c5d007613f06ce124fade4dd545e45207c2f14ae8373dd02e5ad03caa9b337837d73d14cd30ec99a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

MD5 6630031798ede053a16fb3a5393a3146
SHA1 9ac5109b923f04c18c66d0715a540875cd282d5a
SHA256 e5897e15b01e58b5a2461a0216141349872771489dc6e95e7f35b34ab79e3d5f
SHA512 5d123d30861560358f83796a9fecd6e995fda6ef33d00b90b6e405f9375d978cc0032dcdf957180c9b330b9cf69ba090e469e066819a9f69f8e5ce6702820e87

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

MD5 53ab12a0ce7174f8a6b08b7bc9f12152
SHA1 4c11678ffc4adc7302b2d1a0359cd43042675264
SHA256 af6a4757b6cdf9d1a753048fa9fd556f218ec606bab0772be762bc70381c14d5
SHA512 24d256750880dc8f730e7a2bd9805238569c7ddcbee7c1a5aaaa92b8d8d21c9d228f843f2a1b579c0292f505a43316114c8c6bf697bb414fad399774e78d427b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

MD5 320f8941b653a00eeb010347252dfe48
SHA1 79efb9eac5439764026ec1611fc083a66e472a0e
SHA256 32959a0a9e2f3be1b662e08be3e9b15a6edd963094481dad0806b1f7f08bad66
SHA512 7af9f29d66def59d8e63b6909fc7ee8520498fec0abc70d16a784830a25dadf5534a15d9409b5eb842d3cdd7becbb5275f65e64c8e831d304afeda65c9850487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

MD5 76107c4eef3dcddd9adac6dc1e9bb458
SHA1 256ce58a22402e686d4e1adbf78fb4e7051aa87f
SHA256 4f478c7caef418b6aba123bb403ee0f923e080c53f6698cbe91fdb86a8351e1b
SHA512 a3dcd0ae28839249e55e23b9cb1e0a63badad1ee85443973f75ad9e46ae65e8cfcc93247263176cc1c388405eae2ec04d909df1cd92c0e6e66c1d1a5a7f07d98

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

MD5 1107ddd44cf938d9efbba4c02d57c18e
SHA1 88eafe20e6327e79691a9cb81be276897918805c
SHA256 364a7a929bc118efbeeb02827394d37a32db6c412c6329e92e8ecc97859600ee
SHA512 39a28ae4c0e9e948eeb143c683ab80308373622e02fd2dd460207d33098662d0f207fe15e1b01b27cbd4b73238ff2e48e3efc679e67cdffba696f314e7f4350e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

MD5 dd16dfef4a82396f34f73795896cc863
SHA1 1ffa3615f3a22cefb48132bb137c3294c5d39ca2
SHA256 38ba1768f5183c37ac0b6647b0cf0f8a5a2aa1d056a8df8ad439db87edc6d098
SHA512 90cbac870c1e37f57602250c02443d9fa2de93df5b38d5092ec4d37e4c017de0424c57858ee791d595a2b757886c74797b3fed65845b6864e651051e00d3860e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

MD5 9574abd4ed55b15604770d6b2a97a1ee
SHA1 73a14fb0fa58e6f04dbdb9634156446bd16e7c75
SHA256 7b9ec8a7d383166b1419f5ec116916d06e4e60ac28c2305c67521b8837a623c4
SHA512 af3f6c86adc9ed46d31f18e2391214c16d95f099ddc307260468de6497d6f106de4480fbd8c5c4ef72317e923933fb8bee6007e1e076c71348082c16f6695f6e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

MD5 cd15f4ce2bf462ea28f221cfc73d7f40
SHA1 c2750f0db169960f05bb9fad7e904abdd0772a0d
SHA256 c4820dafdf09e35443abb374f4496d670a66cbfea9b69b90b3ec5aad3d19054d
SHA512 830d9fe6986be2ef8a15c1ad747804692ba2710115087b73218db6c7a38b39540d87b562ab7ad60a53b6025ceb4f41687d2df4617aefabb2237e44a6357627e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13361224486841004

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

memory/1728-450-0x00000000015B0000-0x00000000015BA000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13361224502674745

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7bd921e1-2055-4a8c-b973-7d43680b9786.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a347f.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1e65a9db-0870-4316-a5f6-844c0c276b80\index-dir\the-real-index~RFe5a3970.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1e65a9db-0870-4316-a5f6-844c0c276b80\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a12077d8-ab37-469e-8bd4-bf8932e27a6c\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a12077d8-ab37-469e-8bd4-bf8932e27a6c\index-dir\the-real-index~RFe5a3c20.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a12077d8-ab37-469e-8bd4-bf8932e27a6c\beaf1e3442224e17_0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1e65a9db-0870-4316-a5f6-844c0c276b80\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

memory/1728-1065-0x000000001D930000-0x000000001D96A000-memory.dmp

memory/1728-1069-0x00000000016A0000-0x00000000016A8000-memory.dmp

memory/1728-1082-0x000000001BF80000-0x000000001C030000-memory.dmp

memory/1728-1083-0x000000001FEC0000-0x00000000203E8000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

memory/1728-1112-0x000000001C030000-0x000000001C03A000-memory.dmp

memory/1728-1113-0x000000001C040000-0x000000001C04C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

memory/1728-1132-0x000000001C060000-0x000000001C06A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

memory/1728-1142-0x000000001D9E0000-0x000000001D9EE000-memory.dmp